Computer Dies & Das

Test

Hier die Konfigurationsdaten für die diversen Netzwerktools der einzelnen Distributionen:

• Sicherheit: WPA/TKIP oder WPA2/AES
• EAP-Type: EAP-TTLS
• Anonyme Identität: anonymous@tu-dresden.de
• CA-Zertifikat: TUD-CACert.pem
• Innere Autorisierugsmethode: PAP
• Benutzername: <login>@tu-dresden.de
• Passwort: <ZIH-Passwort>
• IP-Vergabe: automatisch per DHCP

• Download

• Thinkwiki

• TLP (Grundlegende Stromsparfunktionen)
• powertop (Anzeigen der Prozessorleistung und Aufwachzeiten)
• UbuntuTweak (Überflüssige Sachen abstellen, Pakete entfernen etc.)
• BleachBit (Verwaiste Dateien und Programme entfernen)
• Granola (Dauerhaft niedrige Prozessortaktung)
• thinkfan (Lüftersteuerung, Config Datei /etc/thinkfan.conf))

• (0, 0, 58)
• (1, 55, 61)
• (2, 60, 61)
• (3, 60, 61)
• (4, 60, 61)
• (5, 60, 66)
• (7, 60, 32767)

• http://thinkpad-wiki.org/TLP_-_Stromspareinstellungen_fuer_Ubuntu

• Android unter Virtualbox installieren

  nmap -sP 172.16.2.*

http://wiki.ubuntuusers.de/Paketverwaltung/Tipps

---

'+Wine daran hindern ins internet zu gehen:+'

* http://ubuntuforums.org/showthread.php?t=1188099&page=3 * http://en.gentoo-wiki.com/wiki/Iptables_for_newbies#Rules

I made a few modifications to original poster's HOWTO, to make it work well in Ubuntu 10.10 (32-bit):

1. Since putting iptables_no-internet_rule script in if-pre-up.d didn't work for me (it wasn't executed after system restart, I had to manually start it every time I booted the machine), I put it in if-up.d.

2. Because rule for iptables was put at the end of OUTPUT rules, and because of rules that precedes it, it was never executed. To solve this, I changed the rule to Code:

iptables -I OUTPUT 1 -m owner –gid-owner no-internet -j DROP

so it would be placed at the top of OUTPUT rules (and applied first).

3. Original ni script required quotes around command if there were any arguments, ie: Code:

ni „command arg1 arg2 arg3“

This was very troublesome if you wanted to alter parameters from the script (especially if they contain spaces). I changed the ni script to ommit necessary quotes around such commands: Code:

#!/bin/bash COMMAND=„$1“ shift for arg; do COMMAND=„$COMMAND \“$arg\„“ done sg no-internet „$COMMAND“

Now it can be invoked with: Code:

ni command arg1 arg2 arg3

which is much better for scripts. zzarko is offline Reply With Quote

The average home user might want something that accepts certain incoming connections but blocks everything else. Open /etc/iptables.bak in your favorite text editor and insert the following text. File: /etc/iptables.bak

# Generated by iptables-save v1.2.11 on Tue May 10 08:06:58 2005 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0]

# accept all from localhost -A INPUT -i lo -j ACCEPT

# drop invalid packets -A INPUT -m state –state INVALID -j DROP

# accept all previously established connections -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT

# permit people to ssh into this computer -A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT

# permit ftp and web hosting services -A INPUT -p tcp -m state –state NEW -m tcp –dport 20 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 21 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT

# permit windows file sharing -A INPUT -p tcp -m state –state NEW -m tcp –dport 137:139 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 426 -j ACCEPT -A INPUT -p tcp -m state –state NEW -m tcp –dport 445 -j ACCEPT

# permit five ports for bitorrent -A INPUT -p tcp -m state –state NEW -m tcp –dport 6881:6886 -j ACCEPT

# reject all other packets coming into the computer, even from other computers in the local area network -A INPUT -j REJECT –reject-with icmp-port-unreachable

COMMIT # Completed on Tue May 10 08:06:58 2005

You can now load the above file using the following command: Now, you can tell iptables about this file: # iptables-restore /etc/iptables.bak

Although the rules have now been added to iptables, they are not saved explicitly. As a result, you should have iptables save the newly added rules using the following command: # /etc/init.d/iptables save Note: If you want to make a backup of all the rules you have added, copy /var/lib/iptables/rules-save to a place of your choosing.

Now try and start iptables:

# /etc/init.d/iptables start # /etc/init.d/iptables stop # /etc/init.d/iptables start

The reason we start, then stop, then start again is because we haven't yet started the iptables script, so we must set the �initialized� status before stopping. Stopping essentially erases all settings and puts you back to zero. If everything works well and you don't seem to have lost access to the server, then you can add iptables to the default runlevel. This will have the iptables service start up each time you boot the computer. # rc-update add iptables default

*NAS Platte im System einhängen

Zuerst die Platte mit folgendem Befehl auf ein Device md0 (falls nicht vorhanden) mappen:

# $ mdadm –assemble –run /dev/md0 /dev/sdc1

anschließend kann das Device (Die platte) mit folgendem Befehl gemountet werden:

# $ mount /dev/md0 /mnt/test

* Umbenennen von Bildern nach Exif-Daten:

 ''exiftool '-filename<%f_iso${iso}_s${myspeed}_a${myaperture}_f${myfocal}.%e' *''

ExifTool-Config-Datei: ~/.ExifTool_config

%Image::ExifTool::UserDefined = (

  'Image::ExifTool::Composite' => {
      MyAperture => {
          Require => 'Aperture',
          ValueConv => '$val =~ tr/./_/; $val',
      },
      MyFocal => {
          Require => 'FocalLength',
          ValueConv => '$val =~ tr/./_/; $val =~ s{mm} {}; $val',
      },
      MySpeed => {
          Require => 'ShutterSpeed',
          ValueConv => '$val =~ tr(.)(_); $val',
      },

}, ); 1; # end

! Ferneinloggen per SSH-X-Forwarding

   ssh -c arcfour,blowfish-cbc -XC julia@172.16.2.4

! KAlenderadresse hofmannweb:

   http://mail.hofmannweb.org/horde/rpc.php/kronolith/christoph@hofmannweb.org/christoph@hofmannweb.org.ics

! Farben des Linux Prompts: User:

   [033[01;32m]u@\h[033[01;34m\] \w $[\033[00m\]

Root:

   [033[01;31m]h[033[01;34m\] \W $[\033[00m\]

! Festplatte retten - Zerschossenes Filesystem wiederherstellen

QUELLE: http://forum.ubuntuusers.de/topic/unknown-filesystem-system-startet-nicht/#post-3079277

1. Live Version von Ubuntu (gleiche Distribution) auf USB-Stick geladen und neueste Version von Testdisk http://www.cgsecurity.org/wiki/TestDisk_DE installiert.

2. Testdisk starten

sudo testdisk-6.12/testdisk_static

ACHTUNG: auf Version (z.B. 6.12) achten

3. Festplatte Analysieren, im Expertenmodus (Advanced) die Superblock Sektoren auslesen http://www.cgsecurity.org/wiki/Schritt_für_Schritt_Wiederherstellungsbeispiel bis einschliesslich Sektion Quicksearch und dann weiter mit http://www.cgsecurity.org/wiki/Sicherungskopie_des_erweiterten_ext2-/ext3-SuperBlocks_finden

4. Testdisk wieder verlassen und

z.B. fsck.ext4 -p -b 32768 -B 4096 /dev/sda1

OBACHT: ext4 auf das eigene Dateisystem anpassen, -b stellt die Blocknummer des Superblock Backups dar (z.B 32786), -B stellt die Blockgröße dar (z.B. 4096) sda1 ist in diesem Fall die beschädigte Partition.

Falls dabei Probleme auftreten hat es bei mir ohne -p funktioniert:

z.B. fsck.ext4 -b 32768 -B 4096 /dev/sda1

(dann musste ich nur noch ca. 650 mal „y“ drücken um die Reparatur manuell zu bestätigen)

! Thinkpad x230 DualView mit 2 Monitoren in Dockingstation

* https://wiki.archlinux.org/index.php/multihead * http://www.thinkwiki.org/wiki/Xorg_RandR_1.2

Eigene Lösung: Eine Datei /etc/X11/xorg.conf.d/45-twinview.conf anlegen und folgenden Inhalt rein packen

  Section "Monitor"
      Identifier  "DP2"
      Option      "Primary" "true"
  EndSection

  Section "Monitor"
      Identifier  "VGA1"
      Option      "LeftOf" "DP2"
  EndSection

! Thinkpad Multimediatasten (Fn+Play/Pause,Next,Prev) Mediaplayer steuern

Einfach diese dBus-Kommandos zum steuern eines AudioPlayers nutzen:

  #Pause/Unpause
  "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque     /Player org.freedesktop.MediaPlayer.Pause"
   m:0x0 + c:172
  XF86AudioPlay

#Next Track

  "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque /Player org.freedesktop.MediaPlayer.Next"
  m:0x0 + c:171
  XF86AudioNext

#Previous Track

  "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque /Player org.freedesktop.MediaPlayer.Prev"
  m:0x0 + c:173
  XF86AudioPrev

#Audio Stop

  "dbus-send --print-reply --type=method_call --dest=org.mpris.guayadeque /Player org.freedesktop.MediaPlayer.Stop"
  m:0x0 + c:174
  XF86AudioStop

• DVD Rippen mit:

dvdbackup -i /dev/sr1 -o ~ -M

• ISO file aus Verzeichnis erstellen:

mkisofs -dvd-video -udf -o ~/dvd.iso ~/<Verzeichnis wo die DVD gerippt wurde>

• https://wiki.archlinux.org/index.php/dvdbackup
• https://wiki.archlinux.org/index.php/Optical_disc_drive#DVD_2

default=1 timeout=15 color_normal=light-cyan/dark-gray menu_color_normal=black/light-cyan menu_color_highlight=white/black menuentry „Start Windows Installation“ { insmod ntfs insmod search_fs_uuid insmod chain search –no-floppy –fs-uuid <drive_UUID> –set root chainloader +1 boot } menuentry „Boot from the first hard drive“ { insmod ntfs insmod chain insmod part_msdos set root=(hd1) chainloader +1 boot }

Bei der Abfrage einer adresse bei z.b. ping google.de kommt sofort der A reply vom DNS Server zurück. Der AAAA reply wird aber dann blockiert weil die Juniper sofort zu macht.

Um das Problem zu lösen wurde in der SSG5 per telnet folgendes gesetzt:

 unset alg dns enable

Links:

• https://kb.juniper.net/InfoCenter/index?page=content&id=KB12312&actp=search
• http://unix.stackexchange.com/questions/141163/dns-lookups-sometimes-take-5-seconds

• https://blog.webernetz.net/2015/10/05/juniper-screenos-dhcpv6-prefix-delegation/
• http://michaeldale.com.au/archive/2010/01/17/native-ipv6-over-pppoe-with-internode-and-a-juniper-ssg5/

Noch zu erledigen:

• Gitlab
• Jabber
• http://selfoss.aditu.de/
• dudle?
• git host
• Nagios
• ansible
• NFS & BACKUP

• http://www.3cx.com/blog/docs/avm-fritzbox-firewall-voip/
• http://www.tecchannel.de/kommunikation/handy_pda/433069/voip_hinter_einer_nat_firewall/index6.html
• http://blog.webernetz.net/2014/12/29/voip-von-fritzbox-uber-juniper-ssg-firewall/
• https://www.administrator.de/frage/fritzbox-pfsense-voip-probleme-231636.html
• http://kyza.de/2011/03/30/fritzbox-hinter-anderem-nat-router-oder-firewall/
• https://www.godo.ch/index.php/2014/01/16/isdn-voip-mit-fritzbox-und-pfsense/
• http://blog.james.rcpt.to/2006/02/27/sip-and-netscreen-firewalls/

https://yhaupenthal.org/1409227216.htm

Programm zum anzeigen geordnet nach größe / welcher Ordner welche datei nimmt am meisten Speicherplatz ein:

   ncdu

http://www.lagom.nl/lcd-test/display_settings.php

Server Name: jabber.tuxhelfer.de Admin user: admin@jabber.tuxhelfer.de Passwd: mk…

git.tuxhelfer.de

https://about.gitlab.com/downloads/#debian8

http://ryansechrest.com/2015/08/use-apache-instead-of-built-in-nginx-in-gitlab-ce/

http://serverfault.com/questions/735270/gitlab-8-0-3-with-apache2-nginx

https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache

http://stackoverflow.com/questions/25785903/gitlab-7-2-1-with-apache-server-instead-of-nginx